Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

292 New today
64,923 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
285
Jun 23
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.3 CVE-2026-54010

Open WebUI: Forged chat-file link allows cross-user file read and deletion_CVE-2026-54010

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated...

open-webui open-webui < 0.9.6 CVE
MEDIUM 6.5 CVE-2026-54009

Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field_CVE-2026-54009

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accep...

open-webui open-webui < 0.9.6 CVE
HIGH 8.5 CVE-2026-54008

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`_CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.p...

open-webui open-webui < 0.9.6 CVE
HIGH 7.1 CVE-2026-54007

Open WebUI: Cross-origin postMessage confirmation bypass via action:submit_CVE-2026-54007

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows...

open-webui open-webui < 0.9.6 CVE
MEDIUM 4.3 CVE-2026-54006

Open WebUI: Calendar event re-parenting allows writing events into another user’s calendar_CVE-2026-54006

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{e...

open-webui open-webui < 0.9.6 CVE
MEDIUM 5.3 CVE-2026-50221

CVE-2026-50221_CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-De...

OpenStack Swift 2.0.0 CVE
MEDIUM 5.2 CVE-2026-49983

Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access_CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with ...

denoland deno < 2.8.1 CVE
MEDIUM 5.2 CVE-2026-49860

Deno: WebSocket API sandbox bypass via missing post-DNS check_CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hos...

denoland deno < 2.8.1 CVE
MEDIUM 5.2 CVE-2026-49859

Deno: `fetch()` API sandbox bypass via missing DNS resolution check_CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch() was called, Deno checked the destination hostname against -...

denoland deno < 2.8.1 CVE